Stopping SPAM

Note: This page is still a work in progress, check back in a few days for more updates.

I, like many internet users, am overloaded in SPAM. The number of spam coming in per day had made my e-mail nearly useless. My Inbox had grown to nearly 5000 messages, 95% or higher was spam. Large amounts of bandwidth was being was downloading this junk e-mail, not to mention all the time to sort through the e-mail. I was not the only user, several employee's at the company were having these problems. Since I have apparently been elected the unofficial sysadmin, I decided to do my best to restore order to the mail system and peace to it's users.

There are two main parts to solving the SPAM problem that I see. First is to filter incoming mail and reject e-mail forgeries. Along with this filter out viruses and other e-mail that appears to be unwanted SPAM like Viagra ads. The second part, which should really be first, is to prevent e-mail harvesting which leads to spam.

Rejecting Spam

The first problem was to do the best to sort out spam coming in.

Spam filters

This is by far the most obvious and most common solution, but yet it is probably the worst solution there is. There are many filters available that will filter spam out of your incoming mail, some of them integrate with a mail server, while others are directly part of the mail client. There are at least two types of filters available, learning filters and rule-based filters.

Anti-virus Filtering

DNS Blacklists


Sender Policy Framework (SPF)


Preventing Spam

Obscure E-Mail Addresses on Webpages

One of the ways which e-mails are harvested for spammers is through web crawlers that search for e-mail addresses on webpages. They search the web endlessly for more e-mail addresses to spam and if you have your e-mail address visible on your site, they can find it. The primary way they identify an e-mail address is through the use of the @ sign. To keep the address from being obvious, some web developers have written e-mail addresses using text which is not an email address, but can be understood by a human, say, writing it like webmaster AT north-winds DOT org. This works and is pretty future proof, at least for a while, but it's inconvenient for the surfer and requires them to type in the correct address.

Encrypt E-Mail Addresses on Webpages

Use less common names for e-mail

Private Registration in Whois

Use E-mail Forms Instead of Addresses

Use seperate address for mailing lists

Use seperate address for various random sign-ups

Valid XHTML 1.0 Transitional Valid CSS! Created with Vim